

Changeset 11858


Timestamp:
02/15/2018 03:52:40 PM (6 years ago)
Author:
espellcaste
Message:

Make use of bp_is_post_request() instead of hardcoding POST verifications directly.

BuddyPress was not using bp_is_post_request() in several AJAX handlers to confirm that the incoming request is actually a POST request; instead, each handler hardcoded the check directly. This change updates those places to use the function.

Props DjPaul

Fixes #7684

Location:
trunk/src
Files:
9 edited

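--- a/trunk/src/bp-core/bp-core-attachments.php
+++ b/trunk/src/bp-core/bp-core-attachments.php
@@ -1190,5 +1190,5 @@
  */
 function bp_attachments_cover_image_ajax_upload() {
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_die();
     }
@@ -1379,5 +1379,5 @@
  */
 function bp_attachments_cover_image_ajax_delete() {
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }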
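Review bot: The two handlers in this section answer the same failed guard differently: bp_attachments_cover_image_ajax_upload ends in a bare `wp_die()` (new line 1193) while bp_attachments_cover_image_ajax_delete calls `wp_send_json_error()` (new line 1382), so a non-POST hit on the upload endpoint produces an empty body rather than a JSON error the client can act on. Unless the upload client expects a non-JSON reply, using `wp_send_json_error()` in both would keep the failure mode uniform. Either way, this check only inspects the request verb and is not a CSRF or capability guard; the nonce and permission checks presumably follow later in each function, outside this hunk. Both functions continue past the end of their hunks.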
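--- a/trunk/src/bp-core/bp-core-avatars.php
+++ b/trunk/src/bp-core/bp-core-avatars.php
@@ -810,6 +810,5 @@
  */
 function bp_avatar_ajax_delete() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }
@@ -953,6 +952,5 @@
  */
 function bp_avatar_ajax_upload() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_die();
     }
@@ -1238,6 +1236,5 @@
  */
 function bp_avatar_ajax_set() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }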
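Review bot: This section deletes the `// Bail if not a POST action.` comment above each replaced guard (old lines 812, 955, 1240) while the bp-nouveau and bp-xprofile sections of the same changeset keep it, so one convention should be applied across the whole change. With the call now named bp_is_post_request() the comment adds nothing, and dropping it everywhere is the cleaner choice. Separately, bp_avatar_ajax_upload still ends in a bare `wp_die()` (new line 955) while its two siblings use `wp_send_json_error()`; the commit preserves rather than introduces that split, but it is worth a follow-up. All three functions continue past their hunks.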
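--- a/trunk/src/bp-settings/bp-settings-actions.php
+++ b/trunk/src/bp-settings/bp-settings-actions.php
@@ -28,16 +28,17 @@
  */
 function bp_settings_action_general() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no submit action.
-    if ( ! isset( $_POST['submit'] ) )
-        return;
+    if ( ! isset( $_POST['submit'] ) ) {
+        return;
+    }
 
     // Bail if not in settings.
-    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) )
-        return;
+    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) ) {
+        return;
+    }
 
     // 404 if there are any additional action variables attached
@@ -260,16 +261,17 @@
  */
 function bp_settings_action_notifications() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no submit action.
-    if ( ! isset( $_POST['submit'] ) )
-        return;
+    if ( ! isset( $_POST['submit'] ) ) {
+        return;
+    }
 
     // Bail if not in settings.
-    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) )
+    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) ) {
         return false;
+    }
 
     // 404 if there are any additional action variables attached
@@ -307,16 +309,17 @@
  */
 function bp_settings_action_capabilities() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no submit action.
-    if ( ! isset( $_POST['capabilities-submit'] ) )
-        return;
+    if ( ! isset( $_POST['capabilities-submit'] ) ) {
+        return;
+    }
 
     // Bail if not in settings.
-    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) )
+    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) ) {
         return false;
+    }
 
     // 404 if there are any additional action variables attached
@@ -381,16 +384,17 @@
  */
 function bp_settings_action_delete_account() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no submit action.
-    if ( ! isset( $_POST['delete-account-understand'] ) )
-        return;
+    if ( ! isset( $_POST['delete-account-understand'] ) ) {
+        return;
+    }
 
     // Bail if not in settings.
-    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) )
+    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) {
         return false;
+    }
 
     // 404 if there are any additional action variables attached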
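Review bot: The component guard these hunks re-brace is inconsistent across the four functions: bp_settings_action_general bails with `return;` (new line 41) while bp_settings_action_notifications, _capabilities and _delete_account bail with `return false;` (new lines 274, 322, 397), even though the two earlier guards in every function use `return;`. Since those lines were already being edited to add braces, normalising them to `return;` would make the four functions read identically. Assuming these run as action callbacks, the return value is discarded, so this is readability rather than behaviour. Each function continues past its hunk.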
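--- a/trunk/src/bp-templates/bp-legacy/buddypress-functions.php
+++ b/trunk/src/bp-templates/bp-legacy/buddypress-functions.php
@@ -780,11 +780,12 @@
  */
 function bp_legacy_theme_object_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Bail if no object passed.
-    if ( empty( $_POST['object'] ) )
-        return;
+    if ( empty( $_POST['object'] ) ) {
+        return;
+    }
 
     // Sanitize the object.
@@ -792,6 +793,7 @@
 
     // Bail if object is not an active component to prevent arbitrary file inclusion.
-    if ( ! bp_is_active( $object ) )
-        return;
+    if ( ! bp_is_active( $object ) ) {
+        return;
+    }
 
     /**
@@ -860,7 +862,7 @@
  */
 function bp_legacy_theme_activity_template_loader() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $scope = '';
@@ -921,7 +923,7 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1010,6 +1012,5 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         return;
     }
@@ -1079,7 +1080,7 @@
  */
 function bp_legacy_theme_delete_activity() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1117,7 +1118,7 @@
  */
 function bp_legacy_theme_delete_activity_comment() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check the nonce.
@@ -1159,7 +1160,7 @@
     $bp = buddypress();
 
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Check that user is logged in, Activity Streams are enabled, and Akismet is present.
@@ -1204,6 +1205,7 @@
 function bp_legacy_theme_mark_activity_favorite() {
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1233,7 +1235,7 @@
  */
 function bp_legacy_theme_unmark_activity_favorite() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     if ( ! isset( $_POST['nonce'] ) ) {
@@ -1264,7 +1266,7 @@
  */
 function bp_legacy_theme_get_single_activity_content() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $activity_array = bp_activity_get_specific( array(
@@ -1304,7 +1306,7 @@
  */
 function bp_legacy_theme_ajax_invite_user() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'groups_invite_uninvite_user' );
@@ -1387,8 +1389,7 @@
  */
 function bp_legacy_theme_ajax_addremove_friend() {
-
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast fid as an integer.
@@ -1441,7 +1442,7 @@
  */
 function bp_legacy_theme_ajax_accept_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_accept_friendship' );
@@ -1461,7 +1462,7 @@
  */
 function bp_legacy_theme_ajax_reject_friendship() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_admin_referer( 'friends_reject_friendship' );
@@ -1481,7 +1482,7 @@
  */
 function bp_legacy_theme_ajax_joinleave_group() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     // Cast gid as integer.
@@ -1552,7 +1553,7 @@
  */
 function bp_legacy_theme_ajax_close_notice() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' );
@@ -1584,7 +1585,7 @@
  */
 function bp_legacy_theme_ajax_messages_send_reply() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
-        return;
+    if ( ! bp_is_post_request() ) {
+        return;
+    }
 
     check_ajax_referer( 'messages_send_message' );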
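Review bot: The hunk for bp_legacy_theme_mark_activity_favorite keeps the `// Bail if not a POST action.` comment (new line 1206) that every other hunk in this file removes, so the file ends up with one stray copy of it; it should go with the rest. It is also worth stating, at least in the changeset message, that bp_is_post_request() only inspects the request verb: the request-forgery protection in these handlers is the nonce check that follows it (`check_ajax_referer(...)`, `check_admin_referer(...)`, `wp_verify_nonce(...)` at new lines 1312, 1448, 1467, 1559, 1591), and for handlers such as bp_legacy_theme_ajax_addremove_friend and bp_legacy_theme_ajax_joinleave_group that check lies outside the hunk and cannot be verified here. All of the functions in this section continue past their hunks.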
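--- a/trunk/src/bp-templates/bp-nouveau/includes/activity/ajax.php
+++ b/trunk/src/bp-templates/bp-nouveau/includes/activity/ajax.php
@@ -86,6 +86,5 @@
  */
 function bp_nouveau_ajax_mark_activity_favorite() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }
@@ -127,6 +126,5 @@
  */
 function bp_nouveau_ajax_unmark_activity_favorite() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }
@@ -164,6 +162,5 @@
  */
 function bp_nouveau_ajax_clear_new_mentions() {
-    // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }
@@ -194,5 +191,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error( $response );
     }
@@ -266,5 +263,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error( $response );
     }
@@ -327,5 +324,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error( $response );
     }
@@ -564,5 +561,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error( $response );
     }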
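Review bot: Within this one file the changeset is inconsistent about the `// Bail if not a POST action.` comment: it is deleted in the first three hunks (old lines 88, 129, 166) but left as context in the remaining four (new lines 192, 264, 325, 562). Pick one convention; since bp_is_post_request() states the intent in its name, deleting the comment in the last four hunks matches what the first three already do. The functions enclosing the last four hunks start outside the hunk, so the `$response` passed to `wp_send_json_error()` is not visible here.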
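--- a/trunk/src/bp-templates/bp-nouveau/includes/ajax.php
+++ b/trunk/src/bp-templates/bp-nouveau/includes/ajax.php
@@ -16,5 +16,5 @@
  */
 function bp_nouveau_ajax_object_template_loader() {
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error();
     }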
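Review bot: A non-POST request to bp_nouveau_ajax_object_template_loader is answered with a bare `wp_send_json_error()` (new line 19), which passes no data and no status code, so the client sees the default status with `success:false` and cannot tell a wrong-method rejection from any other failure of this handler. If the minimum supported WordPress version accepts the status-code argument, `wp_send_json_error( null, 405 )` would label the failure as the wrong method without changing the JSON shape; otherwise a short message in the data payload would do. The function continues past the hunk.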
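--- a/trunk/src/bp-templates/bp-nouveau/includes/friends/ajax.php
+++ b/trunk/src/bp-templates/bp-nouveau/includes/friends/ajax.php
@@ -63,5 +63,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         wp_send_json_error( $response );
     }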
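--- a/trunk/src/bp-templates/bp-nouveau/includes/groups/ajax.php
+++ b/trunk/src/bp-templates/bp-nouveau/includes/groups/ajax.php
@@ -40,5 +40,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) || empty( $_POST['action'] ) ) {
+    if ( ! bp_is_post_request() || empty( $_POST['action'] ) ) {
         wp_send_json_error( $response );
     }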
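Review bot: The comment above the rewritten guard now undersells it: `// Bail if not a POST action.` (new line 41) sits on a condition that also rejects a POST carrying no `action` field (new line 42). Suggest `// Bail if not a POST request or if no action was passed.` so the second half of the condition is not a surprise to the next reader. The enclosing function starts outside the hunk, so where `$response` is built is not visible here.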
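--- a/trunk/src/bp-xprofile/bp-xprofile-actions.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-actions.php
@@ -55,5 +55,5 @@
 
     // Bail if not a POST action.
-    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
+    if ( ! bp_is_post_request() ) {
         return;
     }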